Changeset - 6648ed63ca6b
[Not reviewed]
0 2 0
Denver Gingerich - 4 years ago 2020-07-15 23:59:24
denver@ossguy.com
Copyleft Compliance: mostly minor fixes to new pgs

These are mostly minor edits (typo fixes, etc.) to the enforcement
strategy and firmware liberation pages that were just added.

The one large change was to replace the first paragraph of the
enforcement strategy page with the full Conservancy description used
previously. The glue text used to shorten it appeared unsalvageable
and it wasn't immediately obvious how to replace it with something
better, so we used the full description instead.
2 files changed with 27 insertions and 22 deletions:
0 comments (0 inline, 0 general)
www/conservancy/static/copyleft-compliance/enforcement-strategy.html
Show inline comments
 
{% extends "base_compliance.html" %}
 
{% block subtitle %}Copyleft Compliance Projects - {% endblock %}
 
{% block submenuselection %}EnforcementStrategy{% endblock %}
 
{% block content %}
 

	
 
<h1 id="software-freedom-conservancy-proposal-for-gpl-enforcement-grant">History and Future Strategy</h1>
 

	
 
<p>The Software Freedom Conservancy is a 501(c)(3) non-profit charity
 
  registered in New York that continues it work in the are of important
 
  registered in New York.  Founded in 2006, Conservancy helps people take control
 
  of their computing by growing the software freedom movement, supporting
 
  community-driven alternatives to proprietary software, and defending free
 
  software with practical initiatives.  Conservancy accomplishes these goals
 
  with various initiatives including fiscal sponsorship, licensing and project
 
  governance policy, and public advocacy.  Some of Conservancy's most important
 
  licensing policy work involves defending and upholding the rights of
 
  software users and consumers under copyleft licenses, such as the GPL.</p>
 

	
 
<h2 id="brief-history-of-user-focused-gpl-enforcement">Brief History of
 
  User-Focused GPL Enforcement</h2>
 

	
 
<p>The spring of 2003 was a watershed moment for software freedom on
 
  electronic devices. 802.11 wireless technology had finally reached the
 
  mainstream, and wireless routers for home use had flooded the market
 
  earlier in the year. By June
 
  2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
 
    general public knew that Linksys (a division of Cisco) was violating the
 
    GPL</a> on their WRT54G model wireless routers. Hobbyists discovered
 
  (rather easily) that Linux, BusyBox and many GNU programs were included in
 
  the router, but Linksys and Cisco had failed to provide source code or any
 
  offer for source code to its customers.</p>
 

	
 
<p>A coalition formed including organizations and individuals — including
 
<p>A coalition formed made up of organizations and individuals — including
 
  Erik Andersen (major contributor to and former leader of the BusyBox
 
  project) and Harald Welte (major contributor to Linux’s netfilter
 
  subsystem) — to enforce the
 
  GPL. <a href="https://sfconservancy.org/about/staff/#bkuhn">Bradley
 
    M. Kuhn</a>, who is now Conservancy’s Policy Analyst and
 
  Hacker-in-Residence, led and coordinated that coalition when he was
 
  Executive Director of the FSF. By early 2004, this coalition, through the
 
  process of GPL enforcement,compelled Linksys to release an
 
  process of GPL enforcement, compelled Linksys to release an
 
  almost-GPL-compliant source release for the
 
  WRT54G. A <a href="https://openwrt.org/about/history">group of volunteers
 
    quickly built a new project, called OpenWRT</a> based on that source
 
  release. In the years that have followed, OpenWRT has been ported to almost
 
  every major wireless router product. Now, more than 15 years later, the
 
  OpenWRT project routinely utilizes GPL source releases to build, improve
 
  and port OpenWRT. The project has also joined coalitions to fight the FCC
 
  to ensure that consumers have and deserve rights to install modified
 
  firmwares on their devices and that such hobbyist improvements are no
 
  threat to spectrum regulation.</p>
 

	
 
<p>Recently, OpenWRT decided to join Conservancy as one its member projects,
...
 
@@ -106,51 +111,51 @@
 
  — invading the privacy and security of individual homes. Even when
 
  companies succeed in keeping out third parties, consumers
 
  are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
 
    by camera makers</a> to automatically upload their videos to local
 
  police. Televisions
 
  routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
 
    on consumers for the purposes of marketing and massive data
 
    collection</a>.</p>
 

	
 
<p>There is one overarching irony to this growing dystopia: nearly all these
 
  devices are based primarily on software licensed under the GPL: most
 
  notably, Linux. While Linux-based systems do allow proprietary user-space
 
  applications not licensed under GPL, the kernel (and many other system
 
  applications not licensed under GPL, the kernel and many other system
 
  utilities routinely used in embedded systems, such as Conservancy’s BusyBox
 
  project) are under that license (or similar copyleft licenses such as the
 
  LGPL). These licenses require device markers to provide complete,
 
  project, are under that license (or similar copyleft licenses such as the
 
  LGPL). These licenses require device makers to provide complete,
 
  corresponding source code to everyone in possession of their
 
  devices. Furthermore, Linux’s specific license (GPL, version 2), mandates
 
  that source code must also include “the scripts used to control compilation
 
  and installation of the executable”. In short, the consumers must receive
 
  all the source code and the ability to modify, recompile and reinstall that
 
  software. Upholding of this core freedom for Linux made OpenWRT
 
  possible. We work to preserve (or, more often, restore) that software
 
  freedom for consumers of other types of electronic devices.</p>
 

	
 
<p>When devices are compliant with the GPL’s requirements, customers can
 
  individually or collectively take action against the surveillance and other
 
  predatory behavior perpetuated by the manufacturers of these devices by
 
  modifying and replacing the software. Hobbyists can aid their community by
 
  providing these alternatives. People with no technical background already
 
  replace firmware on their wireless routers with OpenWRT to both improve
 
  network performance and allay privacy concerns. Furthermore, older
 
  equipment is often saved from planned obsolescence by alternative
 
  solutions. E-recyclers
 
  like <a href="https://www.freegeek.org/">Freegeek</a> do this regularly for
 
  desktop and laptop machines with GNU/Linux distributions like Debian, and
 
  with OpenWRT for wireless routers. We seek to assure they can do this for
 
  with OpenWRT for wireless routers. We seek to ensure they can do this for
 
  other types of electronic products. However, without the complete,
 
  corresponding source code and the scripts to control its compilation and
 
  corresponding source code, including the scripts to control its compilation and
 
  installation, the fundamental purpose of copyleft is frustrated. Consumers,
 
  hobbyists, non-profit e-recyclers and the general public are left without
 
  the necessary tools they need and deserve, and which the license promises
 
  them.</p>
 

	
 
<p>Additionally, copyleft compliance relates directly to significant
 
  generational educational opportunities. There are few easier ways to
 
  understand technology than to experiment with a device one already
 
  has. Historically, FOSS has succeeded because young hobbyists could
 
  examine, modify and experiment with software in their own devices. Those
 
  hobbyists became the professional embedded device developers of today!
 
  Theoretically, the advent of the “Internet of Things” — with its many
...
 
@@ -159,39 +164,39 @@
 
  lives. Yet, that’s rarely possible in reality. To ensure that both current
 
  and future hobbyists can practically modify their Linux-based devices, we
 
  must enforce Linux’s license. With public awareness that their devices can
 
  be improved, the desire for learning will increase, and will embolden the
 
  curiosity of newcomers of all ages and backgrounds. The practical benefits
 
  of this virtuous cycle are immediately apparent. With technological
 
  experimentation, people are encouraged to try new things, learn how their
 
  devices work, and perhaps create whole new types of devices and
 
  technologies that no one has even dreamed of before.</p>
 

	
 
<p>“Internet of Things” firmware should never rely on one vendor — even the
 
  vendor of the hardware itself. This centralized approach is brittle and
 
  inevitably leads to invasions of the public’s privacy and control of their
 
  inevitably leads to invasions of the public’s privacy and loss of control of their
 
  technology. Conservancy’s GPL enforcement work is part of the puzzle that
 
  ensures users can choose who their devices connect to, and how they
 
  connect. Everyone deserves control over their own computing — from their
 
  laptop to their television to their toaster. When the public can modify (or
 
  help others modify) the software on their devices, they choose the level of
 
  centralized control they are comfortable with. Currently, users with
 
  Linux-based devices usually don’t even realize what is possible with
 
  copyleft; Conservancy aims to show them.</p>
 

	
 
<h2 id="the-gpl-compliance-project-for-linux-developers">The GPL Compliance
 
  Project for Linux Developers</h2>
 

	
 
<p>In May 2012, Software Freedom Conservancy
 
  formed <a href="https://sfconservancy.org/copyleft-compliance/">The GPL
 
  formed <a href="https://sfconservancy.org/copyleft-compliance/#linux">The GPL
 
    Compliance Project for Linux Developers</a> in response to frustration by
 
  upstream Linux developers about the prevalence of noncompliance in the
 
  field, and their desire to stand with Conservancy’s BusyBox, Git and Samba
 
  projects in demanding widespread GPL compliance. This coalition of Linux
 
  developers works with Conservancy to enforce the GPL for the rights of
 
  Linux users everywhere — particularly consumers who own electronic
 
  devices. We accept violation reports from the general public, and
 
  prioritize enforcement in those classes of devices where we believe that we
 
  can do the most good to help achieve GPL compliance that will increase
 
  software freedom for the maximum number of device users.</p>
 

	
 
<h2 id="the-need-for-litigation">The Need for Litigation</h2>
...
 
@@ -277,22 +282,22 @@
 
<p>The success of the OpenWRT project, born from GPL enforcement, has an
 
  important component. While we’ve long hoped that volunteers, as they did
 
  with OpenWRT and SamyGo, will take up compliant sources obtained in our GPL
 
  enforcement efforts and build alternative firmware projects, history shows
 
  us that the creation of such projects is not guaranteed and exceedingly
 
  rare.</p>
 

	
 
<p>Traditionally, our community has relied exclusively on volunteers to take
 
  up this task, and financial investment only comes after volunteers have put
 
  in the unfunded work to make an MVP alternative firmware. While volunteer
 
  involvement remains essential to the success of alternative firmware
 
  projects, we know from our fiscal sponsorship work that certain aspects of
 
  FOSS projects require an experienced charity to initiate and jump start
 
  FOSS projects require an experienced charity to initiate and jump-start
 
  some of the less exciting aspects of FOSS project creation and
 
  development.</p>
 

	
 
<p>Conservancy plans to select a specific class of device. Upon achieving
 
  compliant source releases in that subindustry through GPL enforcement,
 
  Conservancy will <a href="firmware-liberation">launch an alternative
 
  firmware project</> for that class of device.</p>
 
  Conservancy will <a href="firmware-liberation.html">launch an alternative
 
  firmware project</a> for that class of device.</p>
 

	
 
{% endblock %}
www/conservancy/static/copyleft-compliance/firmware-liberation.html
Show inline comments
...
 
@@ -11,94 +11,94 @@
 
  electronic devices. 802.11 wireless technology had finally reached the
 
  mainstream, and wireless routers for home use had flooded the market
 
  earlier in the year. By June
 
  2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
 
    general public knew that Linksys (a division of Cisco) was violating the
 
    GPL</a> on their WRT54G model wireless routers. Hobbyists discovered that
 
  Linux, BusyBox and many GNU programs were included in the router, but
 
  Linksys and Cisco had failed to provide source code or any offer for source
 
  code to its customers. Linksys had violated the GPL, the license of these
 
  projects.</p>
 

	
 
<p>A coalition successfully enforced the GPL in this case, and Linksys
 
  released source code A <a href="https://openwrt.org/about/history">group of
 
  released source code. A <a href="https://openwrt.org/about/history">group of
 
    volunteers quickly built a new project, called OpenWRT</a> based on that
 
  source release. In the years that have followed, OpenWRT has been ported to
 
  almost every major wireless router product. Now, more than 15 years later,
 
  the OpenWRT project routinely utilizes GPL source releases to build,
 
  improve and port OpenWRT. OpenWRT has spurred companies to create better
 
  routers.</p>
 

	
 
<h2 id="gpl-enforcement-needs-follow-through">GPL Enforcement Needs Follow-Through</h2>
 

	
 
<p>Simply enforcing the GPL is an important first step, and Conservancy
 
  <a href="enforcement-strategy.html">continues our efforts in that regard</a>. However,
 
  the success found with OpenWRT can be replicated <em>only if</em> there is
 
  substantial effort <strong>after</strong> enforcement occurs to turn the
 
  compliant source release into a viable alternative firmware for the
 
                                           platform.</p>
 
                                           
 
<p>Conservancy has seen non-compliant Linux-based firmwares on refrigerators,
 
  baby monitors, virtual assistants, soundbars, doorbells, home security
 
  cameras, police body cameras, cars, AV receivers, and televisions.</p>
 

	
 
<p>This wide deployment of general purpose computers into mundane household
 
  devices raises profound privacy and consumer rights
 
  devices has profound privacy and consumer rights
 
  implications. <a href="https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html">Home</a> <a href="https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/">security</a> <a href="https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable">cameras</a> <a href="https://www.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html">are</a> <a href="https://abc7.com/baby-monitor-hack-leads-to-kidnap-scare/4931822/">routinely</a> <a href="https://www.bbc.com/news/av/uk-44117337/security-footage-viewed-by-thousands">compromised</a>
 
  — invading the privacy and security of individual homes. Even when
 
  companies succeed in keeping out third parties, consumers
 
  are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
 
    by camera makers</a> to automatically upload their videos to local
 
  police. Televisions
 
  routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
 
    on consumers for the purposes of marketing and massive data
 
    collection</a>.</p>
 

	
 
<p>“Internet of Things” firmware should never rely on one vendor — even the
 
  vendor of the hardware itself. This centralized approach is brittle and
 
  inevitably leads to invasions of the public’s privacy and control of their
 
  inevitably leads to invasions of the public’s privacy and loss of control of their
 
  technology. Conservancy plans to address this issue in the manner that the
 
  FOSS community knows best: put one foot in front of the other, and work to
 
  create FOSS for every possible task that users want to accomplish. For IoT
 
  devices, this means creating alternative firmware in the same manner that
 
  OpenWRT has done for wireless routers.</p>
 

	
 
<h2 id="limited-success-of-alternative-hardware">Limited Success of
 
  Alternative Hardware</h2>
 

	
 
<p>Alternative hardware projects remain an essential component of small
 
  device freedom. Conservancy supports and engages with communities that seek
 
  to source and build IoT-style devices from the ground up. We’re excited to
 
  see deployable boards that allow Maker efforts to create new devices.</p>
 

	
 
<p>Nevertheless, we remain ever-cognizant that FOSS succeeded on servers,
 
  laptop, desktop, and wireless router computers <em>precisely</em> because
 
  users could buy commodity hardware at any store and install FOSS. There is
 
  no complete, operational base operating system for most IoT devices on the
 
  market.</p>
 

	
 
<h3 id="demonstrating-the-power-of-software-freedom">Demonstrating the power
 
  of software freedom,</h3>
 
  of software freedom</h3>
 

	
 
<p>To many, the benefits of software freedom are abstract. For less technical
 
  users, the idea of modifying or even reviewing the software on their
 
  devices is wholly theoretical. For technical users, there is a limited time
 
  available to invest in the devices they use for their everyday
 
  lives. Bringing people together to take collective action for the control
 
  of their own technology is a powerful proposition that has rarely been
 
  demonstrated.</p>
 

	
 
<p>When alternative firmware projects like OpenWRT exist for IoT devices,
 
  non-technical users can replace the software on their devices and benefit
 
  from custom, community-controled software. Technical users are more likely
 
  from custom, community-controlled software. Technical users are more likely
 
  to contribute knowing their efforts will be meaningful.</p>
 

	
 
<p>However, decades of corporate involvement in copyleft have demonstrated
 
  that without an organized effort, control over one’s own software is purely
 
  theoretical, even when software has a copyleft license, and
 
  sometimes <em>even when</em> compliance with the copyleft license is
 
  acheived. Conservancy recognizes that there is a unique opportunity for
 
  charitable organizations to step in and change the power dynamic of the
 
  tech industry for consumers.</p>
 

	
 
<h2 id="conservancys-plan-for-action">Conservancy’s Plan For Action</h2>
 

	
...
 
@@ -108,63 +108,63 @@
 
  the embedded industry to more quickly achieve compliant source releases in
 
  a particular subindustry.</p>
 

	
 
<p>Second, depending on what subindustry (i.e., specific class of devices)
 
  seems most responsive to increased enforcement activity and willing to
 
  provide compliant source releases quickly, we will launch, coordinate and
 
  fund an alternative firmware project for that class.</p>
 

	
 
<h2 id="leveraging-on-increased-enforcement">Leveraging on Increased
 
  Enforcement</h2>
 

	
 
<p><a href="enforcement-strategy.html">Conservancy plans to select a specific
 
  violation and engage in litigation. Based on past experience, we expect
 
  violation and engage in litigation.</a> Based on past experience, we expect
 
  that the press and attention to that ongoing litigation will yield
 
  increased responsiveness by violators throughout the industry. (A similar
 
  outcome occurred after our litigation in 2006.) This expected change in
 
  behavior will open opportunities to replicate the OpenWRT approach in
 
  another embedded electronic subindustry. Fast action will be necessary;
 
  most IoT products have an 18 month lifecycle, so we seek to quickly
 
  identify the right subindustry, gain compliance there, and move on to the
 
  next phase.</p>
 

	
 
<h3 id="funding-firmware-liberation">Funding Firmware Liberation</h3>
 

	
 
<p>While we’ve long hoped that volunteers would take up compliant sources
 
  obtained in our GPL enforcement efforts and build alternative firmware
 
  projects as they did with OpenWRT, history shows us that the creation of
 
  such projects is not guaranteed and exceedingly rare.</p>
 

	
 
<p>Traditionally, our community has relied exclusively on volunteers to take
 
  up this task, and financial investment only comes after volunteers have put
 
  in the unfunded work to make a Minimum Viable Product (MVP) liberated
 
  firmware. While volunteer involvement remains essential to the success of
 
  alternative firmware projects, we know from our fiscal sponsorship work
 
  that certain aspects of FOSS projects require an experienced charity to
 
  initiate and jump-start some of the less exciting aspects of FOSS project
 
  creation and development. (In our last fiscal year, Conservancy funded 160
 
  contributors to work on FOSS)</p>
 
  contributors to work on FOSS.)</p>
 

	
 
<p>In the initial phase of this grant, Conservancy will to select a specific
 
<p>In the initial phase of this grant, Conservancy will select a specific
 
  class of device. Upon achieving compliant source releases in that
 
  subindustry through GPL enforcement, Conservancy will launch an alternative
 
  firmware project for that class of device.</p>
 

	
 
<p>Conservancy will seek to fund the time of project leaders and
 
  infrastructure for the project. The goal is to build a firm base that draws
 
  volunteers to the project. We know that sustaining funding over long
 
  periods for a grassroots hobbyist activity is quite challenging; we seek to
 
  use this grant to bootstrap and catalyze interest and contribution to the
 
  project. Ideally, Conservancy would run the project with a single full-time
 
  staffer for a about a year, and achieve a volunteer base sufficient to
 
  staffer for about a year, and achieve a volunteer base sufficient to
 
  reduce funding to one part-time staffer.</p>
 

	
 
<h3 id="criteria-for-device-selection">Criteria for Device Selection</h3>
 

	
 
<p>The IoT device industry moves quickly and we must be prepared to adapt
 
  based on new information. The first stage in this work will be to carefully
 
  evaluate and select the device on which to focus for this
 
  project. Conservancy will evaluate the following criteria in selecting a
 
  class of devices:</p>
 

	
 
<ul>
 
<li><p>Do most devices in the subindustry already run a known FOSS system
0 comments (0 inline, 0 general)